Details

Description

The wicket.util.crypt.SunJceCrypt class attempts to load Sun's JCE security provider class and throws an exception if it doesn't exist. Wicket then defaults to a trivial encryption implementation. However, the Java runtime may have other security providers that support the required encryption (PBEWithMD5AndDES). The following patch checks for statically registered providers (which users typically configure in their java.security file) before defaulting to the Sun JCE case.

Eelco Hillenius
added a comment - 09/Feb/07 18:04 Another thing is that our password field eats up any crypt related exception and says it can't load the crypt, even if there was something completely different going on.